When it comes to enterprise security﻿, Windows 10 will instead give businesses "a number of options," according to CSO. Similar to how technical previews of Windows 10 have been pushed over distribution rings, businesses will also be able to opt into distribution rings for security updates.

Like Windows 10, there will be two different rings, one fast and one slow. The faster ring will push security updates immediately upon release, while the slower ring will give businesses time "to see if any additional issues pop up with the patches." For "machines that organizations need to keep precisely configured," Microsoft will have a third option, which will only push critical security updates while withholding new feature updates.

Microsoft also went into greater detail about Device Guard, a security feature for enterprises that it introduced earlier this week. Beyond offering IT administrators the ability to set what applications are suitable for an organization's systems and network, it will work in tandem with a new software "to control the unauthorized copying of organizational data." Any unauthorized attempts to copy organizational data will be logged.

Another service called Azure Rights Management Services will, according to CSO, "guard against corporate data leakage ... [and] provide the ability to protect access to files even after they leave the individual computer." Microsoft explained that this new feature will let users specify permissions for recipients on files before sending them. Microsoft's executive Brad Anderson said the service creates "self-protecting" files.

Beyond introducing self-protecting files, Windows 10 will also give IT administrators "statistics on the usage of [a self-protected] file, such as how many people read the document, how many of those were authorized, and the names of those who tried to open the document but ... weren't authorized to do so."

Enterprises that use Microsoft's new Azure Active Directory will also be offered a new service "that can identify anomalous sign-ins, or those attempted log-ins to the organization's system that probably didn't originate from the employee." Enterprises can build upon this service with a more advanced system called Microsoft Advanced Threat Analytics, which "can provide a timeline view of a series of activities that make up a single attack as they unfold across different system resources."

How will the end of Patch Tuesday affect how you push out security updates in your organization? And which of these new features and services will be most helpful for your organization?

These features sound cool but they also describe them as for "enterprises" without really quantifying that. I hope that these new features are simple enough (in time and resources) for small enterprises to use!

The Self Protecting Files thing is looking pretty awesome as well although I can see it being more relevant for home users.

Actually Azure Rights Management is already active for Office 365 users with enterprise 1-3 packages (it might be available for other packages too though). So for instance, if one of my users sends a file attachment to someone via email, we can specify what user(s) can open that file. If they share it, tough.. it won't open (which is awesome ^.^), but I don't know that it has the level of reporting they're talking about in the linked articles. For business however, what's really awesome is that I can set permissions on our OneDrive data and make it all require domain creds to open anything located there. So even if an assailant were to get copies of the data, they would have to crack the file encryption or obtain a complete set of domain credentials to open any of the data. :) It's actually pretty dang neat. =D

Curious how vulnerabilities that affect all versions of Windows will be handled. If they're released immediately for Windows 10 (with accompanying advisory), but not for other versions of Windows, then there will be a period of time potentially spanning a few weeks where a known public vulnerability will remain unpatched. That would give the bad guys enough time to start exploiting the vulnerability.

As a first impression, it's looks good. But then...the ring concept is rather generic and could mean some lack of control on what gets and does not get updated. But that's just for Windows 10 machines (servers?).

What is and will continue to be troublesome are server patches (SQL, SSCM, Sharepoint...) and it does not look it's going to change. And what about Exchange Cumulative Updates? Anyone really willing to deploy them without any control?

With the shitshow we've just been through with Lync/Skype for Business, I have zero confidence in Microsoft updates going forward. I'll admit I'm posting angry, but I've got a bad taste in my mouth, and can only see lies, broken tools, and increased helpdesk traffic ahead.

I think patch Tuesday was a good thing for server maintenance, at least for me. I like being able to install all the previous month's patches the first week of the month. Easy to schedule. These new versions will be a pain. How do you keep a schedule? What a pain to now have to go through all the patches first before restarting. A drag, not an improvement in my book. This was something that wasn't broken...

With the shitshow we've just been through with Lync/Skype for Business, I have zero confidence in Microsoft updates going forward. I'll admit I'm posting angry, but I've got a bad taste in my mouth, and can only see lies, broken tools, and increased helpdesk traffic ahead.

I've still got half my org running Lync and the other half running Skype for Business. The client updates being pushed are totally inconsistent and it's driving me nuts.

It sounds good, but the piece that's concerning me is parches that will break other software's. Part of our change management process looks at patches in the light of will it break some third party app or such that we depend on.